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Objectives: The transmission of medical information is currently a daily routine. Medical information needs efficient, robust 
and secure encryption modes, but cryptography is primarily a computationally intensive process. Towards this direction, we 
design a selective encryption scheme for critical data transmission. Methods: We expand the advandced encrytion stanard 
(AES)-Rijndael with five criteria: the first is the compression of plain data, the second is the variable size of the block, the 
third is the selectable round, the fourth is the optimization of software implementation and the fifth is the selective function 
of the whole routine. We have tested our selective encryption scheme by C ++ and it was compiled with Code::Blocks using 
a MinGW GCC compiler. Results: The experimental results showed that our selective encryption scheme achieves a faster 
execution speed of encryption/decryption. In future work, we intend to use resource optimization to enhance the round 
operations, such as SubByte/InvSubByte, by exploiting similarities between encryption and decryption. Conclusions: As en- 
cryption schemes become more widely used, the concept of hardware and software co -design is also a growing new area of 
interest. 
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The amount of medical image transmission has increased 
rapidly on the internet. Tele-medicine and e-health especial- 
ly, have a basic need of digital visual data (image, audio and 
video) transmission [1-4]. The security problem of the medi- 
cal image transmission also increase. For example, the neces- 
sity of fast and secure diagnosis is vital in the medical world. 
Since several years, the protection of multimedia data is 
becoming very important. The protection of this multimedia 
data can be done with encryption or data hiding algorithms. 
To decrease the transmission time, the data compression is 
necessary. So far, some resolutions [5,6] have been proposed 
to combine image encryption and compression. Some oth- 
ers [7,8] give the performance analysis on conventional en- 
cryption methods such as data encryption standard (DES), 
3DES, international data encryption algorithm (IDEA) and 
advandced encrytion stanard (AES), and some compression 
method such as Joint Photographic Experts Group (JPEG) 
and so on. AES, a block cipher as the new encryption stan- 
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dard, scrambles computation is performed on a fixed block 
size 128 bits with the key and round numbers. The core com- 
putation is iterated for many rounds, while the number of 
the rounds depends on the key size. Increasing the number 
of rounds applied, improves the resistance of the AES algo- 
rithm to cryptanalysis attacks. 

In this paper, we propose a novel algorithm for medical in- 
formation encryption based on AES-Rijndael. First, we pres- 
ent selector component on the input state, the key size and 
the number of rounds used to our algorithm to adopt many 
kinds of the platforms. Second, the raw image or plain-text 
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Figure 1. Encryption structure of the advandced encrytion sta- 
nard algorithm. 



can be compressed using Huffman algorithm [9] so as to 
reduce the image size of input as well as cutting AES-encryp- 
tion time by more than half. And third, the time of coding 
implementing AES can be the least, using loop unrolling and 
merging methods in our algorithm improving AES algo- 
rithm. 

II. Methods 

1. AES 

AES is an encryption standard adopted by the US govern- 
ment. The standard comprises symmetric block cipher AES 
from a larger collection originally published as Rijndael. 
Rijndael supports a range of block and key sizes; whereas the 
AES adopts a 128-bit block size and a key size of 128, 192 or 
256 bits which has 10/12/14 rounds. In the AES-128 shown 
as Figure 1, a state is a 4 x 4 array of bytes, and the AES op- 
erates on states. The AES includes 10 rounds, where each 
round includes 4 stages except the last round. The 128-bit (16 
byte) block is depicted as a square matrix of 4 x 4 bytes. The 
block is copied into the state array. This state array is modi- 
fied at each stage of encryption or decryption and copied 
into the output array at the end. In each round of encryption 
and decryption, four operations are performed. They are: 
substitute bytes, shift rows, mixcolumns, and add round key. 
The mixcolumns operation is omitted in the last round and 
an initial key addition is performance before the first round 
for whitening. 

The state array is subject to four operations in each round. 
The first one is substitution bytes transformations. In the 
SubBytes step, each byte in the array is updated using an 
8-bit substitution box, the Rijndael S-box (16 x 16) shown as 
in Figure 2. This operation provides the non-linearity in the 
cipher. The S-box used is derived from the multiplicative in- 
verse over GF (2 s ), known to have good non-linearity prop- 
erties. To avoid attacks based on simple algebraic properties, 
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Figure 2. SubBytes transformation. 



Vol. 16 • No. 1 • March 2010 



www.e-hir.org 23 



Ju-Young Oh et al 

the S-box is constructed by combining the inverse function 
with an invertible affine transformation. 

The ShiftRows step operates on the rows of the state; it cy- 
clically shifts the bytes in each row by a certain offset shown 
in Figure 3. For AES, the first row is left unchanged. Each 
byte of the second row is shifted one to the left. Similarly, the 
third and fourth rows are shifted by offsets of two and three 
respectively. 

In the MixColumns step, the four bytes of each column of 
the state are combined using an invertible linear transforma- 
tion. The MixColumns function takes four bytes as input and 
outputs four bytes, where each input byte affects all four out- 
put bytes. Together with ShiftRows, MixColumns provides 
diffusion in the cipher. In Figure 4, each column is treated as 
a polynomial over GF (2 s ) and is then multiplied modulo x A 
+ 1 with a fixed polynomial c(x) = 03x 3 + 02x 2 + Olx + 01. 

In the AddRoundKey step shown as Figure 5, the subkey 
is combined with the state. For each round, a subkey is de- 
rived from the main key using Rijndael's key schedule; each 
subkey is the same size as the state. The subkey is added by 
combining each byte of the state with the corresponding byte 
of the subkey using bitwise XOR. 

The key expansion algorithm, the 128 -bit key is taken as a 
square matrix of bytes. The AES key encryption algorithm 
takes a 4- word key as input and gives a liner array of n b (n r 
+ 1) words. The n b is 4 (word key) and n r is the number of 
rounds where n r is 11 for AES- 128, the key of which is then 
expanded into array of 44 key scheduled words asw[i] where 
0 < i < n b (n r +1). Initially the 4 word key is copied into the 
first four words of the expanded key. Then the remainder of 
the expanded key is filled in four words at a time. Each word 
is obtained by XORing the values of immediately preceding 
word and the word four positions back. In case of the posi- 
tion which is a multiple of 4, function Rot- word and func- 
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tion Subword are used, where the Rot-word performs a one- 
byte circular left shift on a word, and Sub -word is used to 
have a byte substitution on each byte of its input word using 
the S-box. The above two sub functions' results are XORed 
with a round constant. Round constant as Rcon[j], where 0 
< j < 9, is a word in which three rightmost bytes are 0 so that 
the effect of an XOR with Round constant is performed on 
only the leftmost byte of the word. There is an example of the 
key expansion algorithm of AES- 128 shown in Figure 6. 

2. The Selective Encryption Algorithm (SEA) 

AES-Rijndael with 128/192/256 bit keys and 16 byte data 
treats data in 4 groups of 4 bytes, operating an entire block 
in every round. At that time, AES are considered not suitable 
for visual data such as digital image because of long compu- 
tation process. Recent advances in hardware capability and 
improvement in software have led to achieve the optimal 
execution rate when we can find the size of input state by 
implementing our SEA algorithm system. The result shows 
that the size of input state among 20 x 20 to 30 x 30 can get 
the least execution time. In this paper, we proposed a novel 
encryption algorithm called SEA which is selective and im- 
proves the AES algorithm. The Architecture of SEA is shown 
in Figure 7. The Architecture allows one to perform core 
idea of our algorithm is a optional manner implemented 
by Selector component given in Figure 7. Since the current 
trend of medical image transmission over the network is 
more and more increasing. The digital visual data have some 
different types, like video, audio, Image, text file, and so on. 
As we known, many kinds of platforms from many kinds 
of devices are over the wire/wireless network. Therefore the 
selector component performs the selector function, where 
compression of the raw image or plain text noted as Cyn, the 
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Figure 3. ShiftRow transformation. 
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Figure 6. RoundKey generation. 
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Ciphertext 



size of input state noted as InpS, the size of key noted as KeS 
and the number of round noted as Rn are optional and can 
be decided. 

Recall that the resistance of AES -based encryption against 
cryptanalysis attacks depends entirely on the Rn used. The 
compression component using Huffman coding is proposed 
in our algorithm so as to reduce the Rn entirely used as well 
as keeping less implementation time. In the same breath, us- 
ing compressed data as input state improves the resistance 
of AES against breaking attacks. The Huffman compressor 
component is shown in our algorithm architecture. The 



state-rotation function, a linear function lets input state do 
negative rotation by 90 degrees can be optional to add in our 
algorithm. Since many double circulation codes exist in the 
raw AES algorithm, it costs much time during it's implemen- 
tation state. Therefore, our proposed algorithm performs 
unrolling and merging methods replacing the double circu- 
lation codes to keep its least implementation time, shown in 
Tables 1-3 [10]. 
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III. Results 

We study the performance of our algorithm on the platform 
as follows: Intel 2.4 GHz CPU and 2 GB RAM. A visual 
programming using C++ codes which have been made as 
Code::Blocks ver. 8.02 (The Code::Blocks team, free and 
open source) and then complied by MinGW GCC, has been 
used for implementing our algorithm, we compared our al- 

Table 1. Loop unrolling for ApplyKey 



Initial code 



Modified code 



int i, j; 

for (i=0; i<BS ; i++) 
for (j=0;j<BS;j++) 
holder[i][j] A =rk[i][j]; 



int i; 

for (i=0; i<BS ; i++) 

{ holder[i] [0] A = roundKey[i] [0] 
holder[i][l] A = roundKey[i][l] 
holder[i][2] A = roundKey[i] [2] 
holder[i][3] A = roundKey[i] [3] 
} 



Table 2. Loop unrolling for SubBytes 



Initial code 



Modified code 



int i, j; 


int i; 


for (i=0; i<BS ; i++) 


for (i=0; i<BS ; i++) 


for (j=0;j<BS;j++) 


{ holder[i][0] = SBox[holder[i][0]]; 


holder[i][j]=box[a[i][ 


j]]; holder[i][l] =SBox[holder[i][l]]; 


holder[i][2] = SBox[holder[i][2]]; 


holder[i][3] - SBox[holder[i][3]]; 



gorithm before compression to after compression on three 
kinds of input file like simple text (eg, english text file), com- 
plex text (eg, report, paper file) and Image file (eg, X-ray, CT, 
etc), given in Table 4. 
In order to make decision on three elements (InpS, KeS, Rn) 
which affects in our algorithm. The raw file and compressed 
file can be input state respectively and we compare the ex- 
ecution time of them. The throughput, say Tp, BlockSize 
meaning the size of input state and Clockcycle, a static vari- 
able of system hardware, can be expressed in terms of the 
round number, say Rn, is as in (1) can be found in [11]. The 
chart of Figure 8 show that the optimal situation arises when 
Blocksize is 30Code::Blocks ver. 8.0230. 



Tp- 



Block Size 
{rn + 1 ) X Clockcycle 



(i) 



Since pinpoint difference of execution time exists when 
Blocksize is around in [20 x 20 - 30 x 30]. we have used 160 
bits key, input state 20 x 20 and 20 rounds in our proposed 
algorithm. Figures 9-11 show the results of algorithm execu- 
tion time between two separate input data (raw data and 
compressed data) respectively. For the simple text, The ex- 
ecution time in encryption/decryption can be reduced more 
than 50% using our algorithm. In the mean time, the execu- 
tion time in encryption/decryption can be reduced 25% for 
complex file and 40% for image file respectively. 

IV. Discussion 

In this paper, we have presented a selective encryption algo- 
rithm based on AES for medical information. We performed 
selector component on the input state, the key size and the 



Table 3. Loop unrolling and merging for ShiftRows 



Initial code 


Modified code 


int i, j; 


int i; 


for (i=0; i<BS ; i++) 


for (i=l; i<BS ; i++) 


{ { newData[0] = holder [i] [(0 + i) % BS]; 


for(j=0;j<BS;j++) 


newData[l] = holder[i][(l + i) % BS]; 


newData[j] = holder [i][(j + shifts [BS-4][i]) % BS]; 


newData[2] = holder[i][(2 + i) % BS]; 


for(j=0; j<BS ; j++) holder [i] [j] = newData[j]; 


newData[3] = holder[i][(3 + i) % BS]; 


} holder [i] [0] = newData[0]; 


holder[i][l] = newDatafl]; 


holder[i][2] = newData[2]; 


holder[i][3] = newData[3]; 
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Table 4. Sample data before and after compression 





Simple text 


Complex text 




Image 


Data (KB) 


Before 


After 


Before 


After 


Before 


After 




compression 


compression 


compression 


compression 


compression 


compression 


1 


7 


2 


7 


5 


514 


325 


2 


17 


6 


17 


14 


624 


559 


3 


25 


8 


25 


20 


673 


605 


4 


62 


20 


62 


49 


690 


259 


5 


135 


44 


135 


107 


697 


286 


6 


141 


46 


141 


111 


730 


305 


7 


304 


98 


304 


233 


737 


508 


8 


383 


124 


383 


291 


758 


234 


9 


497 


160 


497 


376 


850 


716 


10 


516 


166 


516 


389 


850 


418 


11 


799 


257 


799 


638 


893 


787 


12 


881 


284 


881 


703 


920 


756 


13 


947 


305 


947 


756 


975 


647 


14 


1,136 


366 


1,136 


911 


3,480 


1,308 


15 


1,550 


499 


1,550 


1,245 


7,602 


5,997 


16 


1,693 


545 


1,693 


1,360 


14,401 


8,161 


17 


2,443 


785 


2,443 


1,963 






18 


3,480 


1,119 


3,480 


2,794 






19 


7,602 


2,444 


7,620 


6,103 






20 


14,401 


4,629 


14,401 


11,560 







12 
10 

8 

6 

4 

2 

0 

2 3 4 5 6 

ion time 9.54 4.54 2.76 1.82 1.3 



Block size vs. execution time 



8 9 10 11 13 17 20 25 30 40 50 70 100200300500 Fiaure o Block size vs execution time 

1.02 0.76 0.66 0.6 0.46 0.54 0.38 0.36 0.3 0.44 0.42 0.44 0.56 0.52 0.98 2.52 riyurc O. DIULK bl£C Vb. CACLUUUll UlllC. 



16,000 



Simple text 




1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 

BC encryption 6.775 88.887 26.633 64.683 139.1 145.57 314.15 395.54 510.62 587.71 819.94 903.56 971.74 1,165.91,590.21,736.22,504.83,572.1 7,800.2 14,777 
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Figure 9. Processing time of encryption and decryption of sample text. 
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15.979 17.667 27.607 63.293 138.87 145.28 312.77 393.22 509.22 528.39 816.95 900.86 968.74 1,163 1,585.61,731.6 2,497.9 3,559.2 7,830.1 14,739 

5.817 24.052 21.065 50.855 110.31 114.44 241.23 299.01 386.15 299.27 653.79 720.92 774.83 933.68 1,275.51,393.6 2,011.6 2,864.6 6,253.4 11,846 

5.75 14.694 21.054 50.869 110.19 115.93 238.54 299.49 384.9 398.72 652.71 719.83 774.04 931.66 1,273.81,392.5 2,008.1 2,858.7 6,246.4 11,829 

Figure 10. Processing time of encryption and decryption of complex text. 
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Figure 11. (A) Processing time of en- 
cryption/decryption of im- 
age before compression. 
(B) Processing time of en- 
cryption and decryption of 
image after compression. 



number of rounds used to our algorithm adopted many 
kinds of platforms. And compressed image as input data 
not only gets high security and reduce much more than 
35% of average execution time. The results show that our 
algorithm is more efficient and fast improving original 
AES algorithm. In future work, we emphasis on resource 
optimization to enhance the round operations, such as 
SubByte/InvSubByte, by exploiting similarities between 
encryption and decryption. As the encryption scheme 
becomes more widely used, the concept of hardware and 
software codesign is also a growing new area of interest. 
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